Online users are typically required to maintain a set of authentication credentials (e.g., a username and password) for each service provider he or she is entitled to access. These users often face the dilemma of using different authentication credentials for each individual service provider in order to maintain a high level of security, or using the same authentication credentials for the various service providers resulting in a diminished level of security. Frequently, the latter is chosen over the former, as it is difficult to memorize and maintain numerous authentication credentials. In addition, aside from the security implications, requiring users to enter authentication credentials each time access to a service provider is necessary is a generally awkward and time consuming procedure.
Various conventional technologies have been proposed to alleviate or eliminate the need to maintain multiple sets of authentication credentials that provide access to various online services. One such technology utilizes a centralized credential management that provides authentication services for participating service providers. After a user initially establishes a relationship and authenticates with the centralized credential management, the centralized credential management administers the authentication process when the user subsequently requests access to any of the participating service providers. This technology significantly reduces the complexity of having to request access of numerous service providers. The centralized credential management transparently handles the particulars of authenticating with various participating service providers, while a high level of user security is maintained.
Current conventional centralized credential management technologies are not suitable for all online environments. One conventional centralized credential management technology requires a user to authenticate with an authentication server. After authentication, the authentication server issues an authentication ticket to the user. The authentication ticket is used by the user to obtain access to a server that issues service access tickets. The server will issue a service access ticket to the user if the authentication ticket is valid. The user may then use the service access ticket to gain access to a service provider.
The described conventional centralized credential management technology provides secure access functionality if the service providers are centrally maintained. However, secure access to the service providers is compromised if the service providers are part of a network having numerous disparate users/entities, such as the Internet.
Another conventional authentication technology uses a centralized database that contains registered users and their associated authentication credentials. Each of the registered users has a unique 64-bit ID number. This conventional authentication technology also assigns each participating service provider a unique ID. These unique IDs are also kept in a centralized database. The participating service providers agree to implement a server component that facilitates secure communication with an entity administering the centralized databases. When a registered user attempts to authenticate with a participating service provider, the user is transparently redirected to the administering entity to facilitate the authentication. The implemented secure communication path between the participating service provider and the administering entity helps to ensure the authentication request granted.
The authentication technology discussed above provides secure Web-based authentication. However, the technology has not been widely adopted by the Internet community. This is mainly due to the centralized database design feature of the technology. Some service providers do not approve of the technology because central databases are used. In particular, a service provider must rely on an entity administering the centralized databases to ensure successful user authentication. If the entity experiences technical difficulties, user authentication may be disrupted. This possibility of disruption, which is not service provider controllable, may be a risk the service provider is not willing to take. Furthermore, the use of centralized databases makes the authentication technology especially prone to attacks by hackers and malware.